
ThreatExpert Blog has an excellent write up on the Gimmiv.A worm

October 24th, 2008 | No Comments | Posted in News

Yesterday Microsoft released a security patch for a critical vulnerability. It seems a worm has been found exploiting this vulnerability in the wild. If you head over to the ThreatExpert Blog, you can find a full write-up on this worm and how it’s using this critical vulnerability to exploit systems.

Critical vulnerability in Server Service has only been patched by Microsoft (MS08-067), as a new worm called Gimmiv.A has been found to be exploiting it in-the-wild.

If you run Snort IDS, here is a link to rules that block this vulnerability.

People will always be the weakest link in security.

October 22nd, 2008 | 4 Comments | Posted in News, wtf

Yesterday morning I stopped in the local Starbucks to get some coffee. When I arrived, I noticed a customer who was unpacking a laptop bag and getting situated. While I was waiting in line after ordering my drink, the same customer passed me heading into the restroom. After I got my coffee I started to head out the door. I noticed that the customer had booted their laptop and had a Citrix session running with Outlook open. I looked around and realized that the customer was still in the restroom. I decided to take a few minutes and sit down across the room and observe. I noticed that the laptop had a 3G data card plugged in, so I am guessing that was the data connection the customer was using, not the WiFi hotspot.

Let’s evaluate the situation. We have a company whose IT people need to provide remote access to its users. They want to keep full control of their data, so they go the thin-client route and use Citrix. I am guessing they must also provide the 3G card. But after all that, a user boots the laptop, I’m guessing VPNs into the company, authenticates through the thin client, launches Outlook and then takes a health break without locking the system.


Review: SANS Pen Test Webcast Part 1

October 16th, 2008 | No Comments | Posted in Attacks, News, Web

Yesterday was the SANS Webcast on “Combining Network, Web App and Wireless into the Ultimate Penetration Test.” I had registered to catch it live, but my lunch break disappeared under a pile of deadlines. Today I was able to catch the archive of the presentation.

The focus of the webcast was, as the title describes, using combined methods and attack vectors during a penetration test. Sometimes, depending on the client requirements, a pen test will be requested but with a very limited scope. For example, they might only want their wireless network or a public-facing web application tested. Usually, due to either lack of interest or cost, some companies will not get the full monty. I think this is bad because the results provided from the pen test are only part of the picture. I think that if a business is going to have a pen test conducted, it should cover all the potential attack vectors. Otherwise a business might have a false sense of security.


NoScript ClearClick Warning (aka Clickjacking)

October 10th, 2008 | 3 Comments | Posted in News

I was on Google Video just now checking out the OWASP.TV videos from the conference in NYC, when I got a “ClearClick Warning” from NoScript. I know that NoScript added Clickjacking support, but this was the first time I had seen a warning. I checked the page with Firebug and didn’t see anything wrong. I am guessing it was a false positive, but now I’m just curious. Has anyone else seen the “ClearClick Warning” and, if so, was it correct or a false positive? Post your feedback in the comments.


Metasploit 3.2 drops commercial license restriction

October 9th, 2008 | 3 Comments | Posted in News

It seems that Metasploit 3.2 will be sporting a BSD 3-Clause license. That basically means that MSF can be forked or modified and repackaged and sold by commercial entities. The 3-Clause license basically means that the source code and binaries keep the copyright, but they can’t say the mutant product is endorsed by HD.

DarkReading has an article about it, and one of the ideas tossed around is Core Impact integrating MSF into their tool. Aside from the thousands of dollars that Core costs, the lack of reporting functionality is one of the reasons MSF is kept in the shadows with researchers and pen-testers. MSF is awesome and I’m a big fan of it and look forward to all its bastard children. But if someone can take MSF and create some awesome reporting tools, that would rock. I have always thought someone should build some reporting plug-ins for MSF; maybe someone will now.

I would like to know what you think about the MSF license change in the comments.